mirrors/Xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-07-21 17:34:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

Commands: Display Post-Quantum key exchange in tls ping (#4857)

Browse source 
https://github.com/XTLS/Xray-core/pull/4857#issuecomment-3064964301
This commit is contained in:
风扇滑翔翼 2025-07-19 09:14:56 +08:00 committed by GitHub
parent abd551e9f7
commit cbcab89c7e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 37 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

37
main/commands/all/tls/ping.go
View file

@ -6,6 +6,9 @@ import (
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"net" "net"
"reflect"
"strconv"
"unsafe"
"github.com/xtls/xray-core/main/commands/base" "github.com/xtls/xray-core/main/commands/base"
. "github.com/xtls/xray-core/transport/internet/tls" . "github.com/xtls/xray-core/transport/internet/tls"
@ -36,8 +39,13 @@ func executePing(cmd *base.Command, args []string) {
base.Fatalf("domain not specified") base.Fatalf("domain not specified")
} }
domain := cmdPing.Flag.Arg(0) domainWithPort := cmdPing.Flag.Arg(0)
fmt.Println("Tls ping: ", domain) fmt.Println("Tls ping: ", domainWithPort)
TargetPort := 443
domain, port, err := net.SplitHostPort(domainWithPort)
if err == nil {
TargetPort, _ = strconv.Atoi(port)
}
var ip net.IP var ip net.IP
if len(*pingIPStr) > 0 { if len(*pingIPStr) > 0 {
@ -58,14 +66,14 @@ func executePing(cmd *base.Command, args []string) {
fmt.Println("-------------------") fmt.Println("-------------------")
fmt.Println("Pinging without SNI") fmt.Println("Pinging without SNI")
{ {
tcpConn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: ip, Port: 443}) tcpConn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: ip, Port: TargetPort})
if err != nil { if err != nil {
base.Fatalf("Failed to dial tcp: %s", err) base.Fatalf("Failed to dial tcp: %s", err)
} }
tlsConn := gotls.Client(tcpConn, &gotls.Config{ tlsConn := gotls.Client(tcpConn, &gotls.Config{
InsecureSkipVerify: true, InsecureSkipVerify: true,
NextProtos: []string{"http/1.1"}, NextProtos: []string{"http/1.1"},
MaxVersion: gotls.VersionTLS12, MaxVersion: gotls.VersionTLS13,
MinVersion: gotls.VersionTLS12, MinVersion: gotls.VersionTLS12,
// Do not release tool before v5's refactor // Do not release tool before v5's refactor
// VerifyPeerCertificate: showCert(), // VerifyPeerCertificate: showCert(),
@ -75,6 +83,7 @@ func executePing(cmd *base.Command, args []string) {
fmt.Println("Handshake failure: ", err) fmt.Println("Handshake failure: ", err)
} else { } else {
fmt.Println("Handshake succeeded") fmt.Println("Handshake succeeded")
printTLSConnDetail(tlsConn)
printCertificates(tlsConn.ConnectionState().PeerCertificates) printCertificates(tlsConn.ConnectionState().PeerCertificates)
} }
tlsConn.Close() tlsConn.Close()
@ -90,7 +99,7 @@ func executePing(cmd *base.Command, args []string) {
tlsConn := gotls.Client(tcpConn, &gotls.Config{ tlsConn := gotls.Client(tcpConn, &gotls.Config{
ServerName: domain, ServerName: domain,
NextProtos: []string{"http/1.1"}, NextProtos: []string{"http/1.1"},
MaxVersion: gotls.VersionTLS12, MaxVersion: gotls.VersionTLS13,
MinVersion: gotls.VersionTLS12, MinVersion: gotls.VersionTLS12,
// Do not release tool before v5's refactor // Do not release tool before v5's refactor
// VerifyPeerCertificate: showCert(), // VerifyPeerCertificate: showCert(),
@ -100,6 +109,7 @@ func executePing(cmd *base.Command, args []string) {
fmt.Println("handshake failure: ", err) fmt.Println("handshake failure: ", err)
} else { } else {
fmt.Println("handshake succeeded") fmt.Println("handshake succeeded")
printTLSConnDetail(tlsConn)
printCertificates(tlsConn.ConnectionState().PeerCertificates) printCertificates(tlsConn.ConnectionState().PeerCertificates)
} }
tlsConn.Close() tlsConn.Close()
@ -117,6 +127,23 @@ func printCertificates(certs []*x509.Certificate) {
} }
} }
func printTLSConnDetail(tlsConn *gotls.Conn) {
var tlsVersion string
if tlsConn.ConnectionState().Version == gotls.VersionTLS13 {
tlsVersion = "TLS 1.3"
} else if tlsConn.ConnectionState().Version == gotls.VersionTLS12 {
tlsVersion = "TLS 1.2"
}
fmt.Println("TLS Version:", tlsVersion)
curveID := *(*gotls.CurveID)(unsafe.Pointer(reflect.ValueOf(tlsConn).Elem().FieldByName("curveID").UnsafeAddr()))
if curveID != 0 {
PostQuantum := (curveID == gotls.X25519MLKEM768)
fmt.Println("Post-Quantum key exchange:", PostQuantum, "("+curveID.String()+")")
} else {
fmt.Println("Post-Quantum key exchange: false (RSA Exchange)")
}
}
func showCert() func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { func showCert() func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
hash := GenerateCertChainHash(rawCerts) hash := GenerateCertChainHash(rawCerts)

10
transport/internet/tls/config.go
View file

@ -486,11 +486,11 @@ func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config {
func ParseCurveName(curveNames []string) []tls.CurveID { func ParseCurveName(curveNames []string) []tls.CurveID {
curveMap := map[string]tls.CurveID{ curveMap := map[string]tls.CurveID{
"curvep256": tls.CurveP256, "curvep256": tls.CurveP256,
"curvep384": tls.CurveP384, "curvep384": tls.CurveP384,
"curvep521": tls.CurveP521, "curvep521": tls.CurveP521,
"x25519": tls.X25519, "x25519": tls.X25519,
"x25519kyber768draft00": 0x6399, "x25519mlkem768": tls.X25519MLKEM768,
} }
var curveIDs []tls.CurveID var curveIDs []tls.CurveID